An update that solves three vulnerabilities and has 7 fixes is now available.

Description:

This update for xrdp fixes the following issues:
Security issues fixed:

CVE-2013-1430: When successfully logging in using RDP into an xrdp
session, the file ~/.vnc/sesman_${username}_passwd was created. Its
content was the equivalent
of the user's cleartext password, DES encrypted with a known key
(bsc#1015567).

CVE-2017-16927: The scp_v0s_accept function in sesman/libscp/libscp_v0.c
in the session manager in xrdp through used an untrusted integer as a
write length, which could lead to a local denial of service
(bsc#1069591).

CVE-2017-6967: Fixed call of the PAM function auth_start_session(). This
lead to to PAM session modules not being properly initialized, with a
potential consequence of incorrect configurations or elevation of
privileges, aka a pam_limits.so bypass (bsc#1029912).

Other issues addressed:

The KillDisconnected option for TigerVNC Xvnc sessions is now supported
(bsc#1101506)